From 4b0cf8b4477f4eafdee0a34009a655cf22a83d15 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 28 Sep 2021 10:19:16 +0200 Subject: [PATCH] disallow anonymous sals auth --- rootfs/etc/confd/templates/main.cf.tmpl | 1 - rootfs/etc/confd/templates/master.cf.tmpl | 9 ++++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl index 5c9c9df..bf8f5a6 100644 --- a/rootfs/etc/confd/templates/main.cf.tmpl +++ b/rootfs/etc/confd/templates/main.cf.tmpl @@ -57,7 +57,6 @@ smtpd_tls_auth_only = yes smtpd_sasl_tls_security_options = noanonymous smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination -smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient #smtpd_milters = diff --git a/rootfs/etc/confd/templates/master.cf.tmpl b/rootfs/etc/confd/templates/master.cf.tmpl index 4642318..87acb34 100644 --- a/rootfs/etc/confd/templates/master.cf.tmpl +++ b/rootfs/etc/confd/templates/master.cf.tmpl @@ -2,7 +2,14 @@ submission inet n - - - - smtpd -o tls_preempt_cipherlist=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o smtpd_tls_auth_only=yes + -o smtpd_reject_unlisted_recipient=no + -o smtpd_client_restrictions=$mua_client_restrictions + -o smtpd_helo_restrictions=$mua_helo_restrictions + -o smtpd_sender_restrictions=$mua_sender_restrictions + -o smtpd_recipient_restrictions= + -o smtpd_relay_restrictions=permit_sasl_authenticated,reject + -o milter_macro_daemon_name=ORIGINATING smtp inet n - n - - smtpd pickup unix n - n 60 1 pickup